Experian Insights
Data | Fraud | Analytics | Software | Consulting
http://www.experian.com/blogs/insights/

Adam Fingersh | http://www.experian.com/blogs/insights/?p=902973 | 2016-12-08T17:47:36Z | 2016-12-07T20:42:55Z

Technology sharing can unlock a more effective strategy in fighting fraud. Experian’s multi-layered and risk-based approach to fraud management is discussed as many businesses are learning that combining data and technology to strengthen their fraud risk strategies can help reduce losses. Evolving fraud schemes, changes in regulatory requirements and the advent of new digital initiatives make it difficult for businesses to manage all of the tools needed to keep up with the relentless pace of change.

These challenges highlight the need to improve the effectiveness of current processes and future technology roadmaps. The good news is that we know the elements needed to strengthen fraud risk strategies already exist. The question most often asked is how to utilize them, so I’ve put together those I think are most important:

First, a multi-layered authentication and risk-based approach is the best method to prevent fraud.

Take a comprehensive approach to identity with true customer intelligence.

Avoid silos and recognize the value of combining your solutions into one platform.

Technology-Sharing Is Critical in Preventing Fraud

Fraud and cybersecurity are two of the biggest risks challenging organizations and the economy today. Fraud has become its own industry, to the tune of $500 billion in estimated losses annually to the global economy.

Increasingly, the public seems resigned to the idea that such compromises are the new normal. An estimated 1.9 million records are compromised every day, and news of breaches seems to break constantly. All of this produces a kind of fraud fatigue that may be lowering consumers’ expectations for identity and online security. Still, businesses must continue their efforts to prevent fraud attacks to protect all parties’ interests. The rapid growth of fraud-related activity only reinforces the need for aggressive fraud prevention strategies and the adoption of new technology to prepare for the latest emerging cybersecurity threats.

Many businesses understand that combining data and technology to strengthen their fraud risk strategies can help reduce losses. Ever-evolving fraud schemes, changes in regulatory requirements and the advent of new digital initiatives make it difficult for businesses to manage all of the tools needed to keep up with the relentless pace of change. The systems used internally by businesses have become increasingly complex, expensive, and difficult to integrate and manage. This complexity tests an organization’s ability to scale in response to new risks quickly and causes too much friction for customers, often resulting in a bad customer experience.

These challenges highlight the need to improve the effectiveness of current processes and future technology roadmaps. The good news is that we know the elements needed to strengthen fraud risk strategies already exist. The question most often asked is how to utilize them, so I’ve put together strategies that I think are most important.

First, a multi-layered authentication and risk-based approach is the best method to prevent fraud. This aligns with the National Institute of Standards and Technology’s efforts to establish standards and guidelines for identity-proofing and credential management for consumers.

The most successful companies in this mission are those that take a comprehensive approach with true customer intelligence. Rather than rely on a single data point, these companies ensure they use multiple sources and types of data, for example, combining personally identifiable information (PII) with digital identity or device intelligence. The combination of these seemingly disparate types of data not only offers a better picture of the customer but also makes it easier to identify when a fraudster has compromised the identity.

Those same companies are now able to frustrate criminals by broadening from a focus solely on the accuracy of an identity to looking at the use patterns associated with that identity as well. This strategy does two important things:

Determine which identities—or pieces of identities—are potentially in use by someone other than their true owner

Isolate those identity attributes that a criminal must re-use because changing them every time is too costly and complicated

Fraud-detection algorithms that analyze use patterns have long focused on the re-use of data elements through link analysis to identify common phone numbers and addresses. This represents a fairly basic approach to detecting fraud, but the sophistication of this type of analysis is evolving. Newer solutions on the market can link a wide variety of data elements in a user-driven manner within the customer’s enterprise so it is both dynamic and focused on fraud trends that impact a specific business.

Companies have also learned to avoid silos or have at least figured out how to build a bridge between silos so information can not only be shared but also leveraged in order to protect both the business and the customer while providing a better overall experience.

Lastly, organizations are recognizing when they are not getting full value out of the many fraud systems and products they use, and are making the strategic decision to rectify it through shared technology platforms that improve efforts to detect and respond to emerging threats. Combining all new and existing fraud solutions into one platform lets companies quickly respond to new threats, which means less fraud and more confidence in transactions.

By creating true customer intelligence, sharing it across the organization and then leveraging all of their available systems and tools, the most successful companies take a more open approach, which allows them to create greater operational efficiency by getting more out of existing fraud and identity systems. They also are able to deploy new fraud detection capabilities effectively and decrease the time it takes to go to market with new tools and strategies. Keeping more control in the hands of the fraud team to adapt and deploy strategies that match the pace of fraud also reduces the burdens on IT and data science teams.

The cycle of fraud loss and deterioration of the customer experience characterizes life in today’s globally connected digital world. With crime rings stepping up the scale, sophistication, and velocity of their attacks, it’s likely that such threats will persist and even increase in the foreseeable future.

The evolution of fraud prevention has shifted, allowing for users to create intelligence across an enterprise connected to internal applications and third-party solutions. This evolution strengthens fraud risk strategies and improves compliance. The link between data and technology ultimately determines the impact on overall fraud losses.

Kyle Matthies | http://www.experian.com/blogs/insights/?p=902940 | 2016-11-30T23:54:59Z | 2016-12-06T06:00:00Z

Let’s play word association. When I say holiday season, what’s the first thing that comes to mind? Childhood memories. Connecting with family. A special dish mom used to make. Or perhaps it’s budgeting, debt and credit card spend. The holidays…

48 percent of respondents felt thoughtful when thinking about the season

30 percent felt stressed

24 percent felt overwhelmed.

Positive emotions are up across the board this year, which may be a good sign for retailers and bankcard lenders. And if emotion is an indicator of spending, 2016 is looking good.

But while the holly-jolly sentiment is high, 56 percent of consumers say holiday shopping puts a strain on their finances. And, 43 percent of respondents said the stress of holiday shopping makes it difficult to enjoy the season.

Regardless of stress, consumers are seeking ways to spend.

Nearly half of respondents plan to use a major credit card to finance at least a portion of their holiday spending, second only to cash. With 44 percent of consumers saying they feel obligated to spend more than they can afford, it’s easy to see why credit cards are so important this time of year.

Bankcard originations have fully rebounded from the recession, exceeding $104 billion in the third quarter of 2016, the highest level since the fourth quarter of 2007. While originations have rebounded, delinquency rates have remained at historic lows. The availability of credit is giving consumers more purchasing power to fund their holiday spending. But what happens next?

As it turns out, many consumers resolve to consolidate all that holiday debt in the new year. Experian research shows that balance transfer activity reaches annual highs during the first quarter as consumers seek to simplify repayment and take advantage of lower interest rates. Proactive lenders can take advantage of this activity by making timely offers to consumers in need. At the same time, reactive lenders may feel the pain as balances transfer out of their portfolio.

By identifying consumers who are most likely to engage in card-to-card balance transfers, lenders can anticipate these consumer bankcard trends. The insights can then be used to acquire new customers and balances through prescreen campaigns, while protecting existing balances before they transfer out of an existing lender portfolio.

With Black Friday and Cyber Monday behind us, the card balances are likely already rising. Now is the time for lenders to prepare for the January and February consolidations. Those hefty credit card statements are coming soon.

Debbie Sutherland | http://www.experian.com/blogs/insights/?p=902958 | 2016-12-01T00:02:52Z | 2016-12-02T11:20:00Z

Happy holidays! It’s the holiday season and a festive time of year. Colorful lights, comfort food and holiday songs – all of these things contribute to the celebratory atmosphere which causes many people to let their guards down and many businesses to focus more on service than on risk. Unfortunately, fraudsters and other criminals can make one of the busiest shopping times of the year a miserable one for their victims.

The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses.

For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign up for a credit monitoring service to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers.

For organizations, the focus should be on two fronts: data protection and fraud prevention. Not just to prevent financial theft, but to preserve trust — trust between organizations and consumers, as well as widespread consumer trust. Organizations must strive to evolve data protection controls and fraud prevention skills to minimize the damage caused by stolen identity data.

There are dozens of tools in the industry for identifying that a consumer is who they say they are – and these products are an important part of any anti-fraud strategy. These options may tell you that the combination of elements is the consumer, but do you know that it is the REAL consumer presenting them?

The smart solution is to use a broad data set for not only identity verification, but also to check linkage and velocity of use. For example:

Is the name linking to other addresses being presented in the past week?

Is the phone number showing up to other addresses and names over the past 30 days?

Has the SSN matched to other names over the past 90 days?

Since yesterday the address matches to four phone numbers and two names – is this a problem?

And it must be done in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate criminals.
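The linkage and velocity questions above, and the link analysis on re-used phone numbers and addresses described in the earlier post, can be written as windowed distinct-count rules. The following Python is an added example, not Experian's code; the field names, thresholds and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Each rule mirrors one question from the text:
# (key field, linked field, look-back window, max distinct linked values tolerated).
# The thresholds are assumptions chosen for illustration.
RULES = [
    ("name",    "address", timedelta(days=7),  2),
    ("phone",   "address", timedelta(days=30), 2),
    ("phone",   "name",    timedelta(days=30), 2),
    ("ssn",     "name",    timedelta(days=90), 1),
    ("address", "phone",   timedelta(days=1),  3),
    ("address", "name",    timedelta(days=1),  2),
]

def normalize(value):
    """Drop case, spacing and punctuation so trivial variations still link."""
    return "".join(ch for ch in value.lower() if ch.isalnum())

def distinct_links(history, key, linked, key_value, now, window):
    """Distinct `linked` values seen together with `key_value` inside the window."""
    cutoff = now - window
    target = normalize(key_value)
    return {
        normalize(ev[linked])
        for ev in history
        if cutoff <= ev["ts"] <= now and normalize(ev[key]) == target
    }

def evaluate(history, application, now):
    """Return (key, linked, window_days, distinct_count) for every rule tripped."""
    findings = []
    for key, linked, window, limit in RULES:
        seen = distinct_links(history, key, linked, application[key], now, window)
        seen.add(normalize(application[linked]))  # count the value being presented
        if len(seen) > limit:
            findings.append((key, linked, window.days, len(seen)))
    return findings

def record(ts, name, address, phone, ssn):
    return {"ts": ts, "name": name, "address": address, "phone": phone, "ssn": ssn}

# Constructed sample data; the SSN-shaped values use the never-issued 000 prefix.
NOW = datetime(2016, 12, 2, 12, 0)
HISTORY = [
    record(NOW - timedelta(hours=20), "Ann Lee", "12 Oak St", "555-0101", "000-00-0001"),
    record(NOW - timedelta(hours=10), "Bob Ray", "12 Oak St", "555-0102", "000-00-0002"),
    record(NOW - timedelta(hours=5), "Ann Lee", "12 Oak St.", "555-0103", "000-00-0001"),
    record(NOW - timedelta(days=40), "Ann Lee", "9 Elm Rd", "555-0101", "000-00-0001"),
    record(NOW - timedelta(hours=2), "Cara Diaz", "77 Pine Ave", "555-0199", "000-00-0003"),
]

# One address now tied to four phone numbers and two names since yesterday.
APP_SHARED_ADDRESS = record(NOW, "Ann Lee", "12 Oak St", "555-0104", "000-00-0001")
# A returning applicant whose details all agree with earlier use.
APP_CLEAN = record(NOW, "Cara Diaz", "77 Pine Ave", "555-0199", "000-00-0003")
# An SSN already linked to a different name within 90 days.
APP_SSN_REUSE = record(NOW, "Dan Fox", "3 Birch Ln", "555-0150", "000-00-0001")

if __name__ == "__main__":
    for app in (APP_SHARED_ADDRESS, APP_CLEAN, APP_SSN_REUSE):
        print(app["name"], evaluate(HISTORY, app, NOW))
```

A tripped rule is a reason to route the application to step-up verification or review, not proof of fraud: shared households and businesses legitimately link several names and phones to one address.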

As we go walking in the winter wonderland, remember, the holiday season is a time for cheer… and vigilance!

Kerry Rivera | http://www.experian.com/blogs/insights/?p=902923 | 2016-11-28T22:56:09Z | 2016-12-01T06:00:00Z

Which part of the country has bragging rights when it comes to sporting the best consumer credit scores?

Drum roll please …

Honors go to the Midwest. In fact, eight of the 10 cities with the highest consumer credit scores hailed from Minnesota and Wisconsin.

Mankato, Minn., earned the highest ranking with an average credit score of 708 and Greenwood, Miss., placed last with an average credit score of 622.

Even better news is that the nation’s average credit score is up four points from last year, from 669 to 673, and is only six points away from the 2007 average of 679, which is a promising sign as the economy continues to rebound.

Experian’s annual study ranks American cities by credit score and reveals which cities are the best and worst at managing their credit, along with a glimpse at how the nation and each generation is faring.

“All credit indicators suggest consumers are not as ‘credit stressed’ — credit card balances and average debt are up while utilization rates remained consistent at 30 percent,” said Michele Raneri, vice president of analytics and new business development at Experian.

As for the generational victors, the Silents have an average 730, Boomers come in with 700, Gen X with 655 and Gen Y with 634. We’re also starting to see Gen Z emerge for the first time in the credit ranks with an average score of 631.

Bankcard originations and balances continue to grow, dominated by the prime borrower.

And the housing market is healthy with boomerang borrowers re-emerging. An estimated 2.5 million Americans will see a foreclosure fall off their credit report between June 2016 and June 2017, creating a new pool of potential buyers with improved credit profiles.

More than 12 percent who foreclosed back in the Great Recession have already boomeranged to become homeowners again, while 29 percent who experienced a short sale during that same time have also recently taken on a mortgage.

“We are seeing the positive effects of economic recovery with the rise in income and low unemployment reflected in how Americans are managing their credit,” said Raneri.

Which means all is good in the world of credit. Of course there is always room for improvement, but this year’s 7th annual state of credit reveals there is much to be thankful for in 2016.

2017 data breach landscape

What will the 2017 data breach landscape look like? While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution released its fourth annual Data Breach Industry Forecast white paper.

The industry predictions in the report are rooted in Experian’s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry.

“Preparing for a data breach has become much more complex over the last few years,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond.”

“Experian’s annual Data Breach Forecast has proven to be great insight for cyber and risk management professionals, particularly in the healthcare sector as the industry adopts emerging technology at a record pace, creating an ever wider cyber-attack surface,” adds Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA). “The consequences of a medical data breach are wide-ranging, with devastating effects across the board – from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital.”

“The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation,” said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. “The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations’ incident response plans should certainly be updated to account for these new laws set to go in effect in 2017.”

Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added “Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks.”

Keir Breitenfeld | http://www.experian.com/blogs/insights/?p=902781 | 2016-11-29T17:37:44Z | 2016-11-21T21:30:00Z

How will the FinCEN revisions impact your business? (Part 2)

I recently discussed the new FinCEN requirements to Customer Due Diligence. This time, I’d like to focus on the recent FinCEN advisory regarding “email-compromise fraud.” This new advisory sheds additional light on the dual threats of both Email Account Compromise impacting the general public and Business Email Compromise that targets businesses.

FinCEN has rightly identified and communicated several high-risk conditions common to the perpetration of scams such as varied languages, slight alterations in email addresses, out-of-norm account and transaction information, and social engineering in the form of follow-up requests for additional transfers. In addition to introducing operational standards to detect such conditions, institutions also would benefit from these other tactics and focal points as they respond to email requests for financial transfers:

Email validation and verification — use of third-party vendor services that can deliver a measurable level of confidence in the association of an email address to an actual, true identity.

Multifactor authentication — use of dual-step or out-of-band verification of the requested transaction using alternate channels such as phone.

Robust KYC/CIP at application and account opening to ensure that name, address, date of birth and Social Security number are verified and positively and consistently linked to a single identity, as well as augmented with phone and email verification and association for use in customer communications and multifactor authentications.

Customer transactional monitoring in the form of establishing typical or normal transfer activity and thresholds for outlying variations of concern.

Known and suspected fraud databases updated in real time or near real time for establishing blacklist emails to be segmented as high risk or declines upon receipt.

Identity application and transactional link analysis to monitor for and detect the use of shared and manipulated email addresses across multiple transaction requests for disparate identities.

Access to device intelligence and risk assessment to ensure consistent association of a true customer with one or more trusted devices and to detect variance in those trusted associations.
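Three of the conditions named above (slight alterations in email addresses, out-of-norm transaction information, and an unfamiliar destination account) can be screened before a transfer request is acted on. The following Python is an added example, not FinCEN's or Experian's code; the profile fields, the look-alike character map, the thresholds and the sample requests are constructed assumptions.

```python
from statistics import median

# Characters often swapped so an address looks unchanged at a glance.
# This short map is an assumption for illustration, not an exhaustive list.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def skeleton(address):
    """Lower-case and fold look-alike characters so near-copies compare equal."""
    return address.lower().translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def altered_copy_of(sender, known_addresses):
    """Return the on-file address that `sender` imitates; None if exact or unrelated."""
    sender_l = sender.lower()
    known_l = [k.lower() for k in known_addresses]
    if sender_l in known_l:
        return None
    for k in known_l:
        if skeleton(sender_l) == skeleton(k) or edit_distance(sender_l, k) <= 2:
            return k
    return None

def amount_is_outlier(amount, past_amounts, k=5.0):
    """Flag amounts far above the customer's norm: median + k * MAD."""
    if len(past_amounts) < 5:
        return True  # too little history to call any amount normal
    med = median(past_amounts)
    mad = median(abs(a - med) for a in past_amounts) or 1.0
    return amount > med + k * mad

def review_request(request, profile):
    """Collect the reasons an emailed transfer request needs out-of-band checking."""
    reasons = []
    imitated = altered_copy_of(request["from"], profile["emails"])
    if imitated:
        reasons.append(f"sender resembles on-file address {imitated}")
    elif request["from"].lower() not in [e.lower() for e in profile["emails"]]:
        reasons.append("sender not on file")
    if amount_is_outlier(request["amount"], profile["past_amounts"]):
        reasons.append("amount outside normal range")
    if request["beneficiary"] not in profile["known_beneficiaries"]:
        reasons.append("new beneficiary account")
    return {"hold_for_out_of_band_check": bool(reasons), "reasons": reasons}

# Constructed customer profile and requests (no real accounts or addresses).
PROFILE = {
    "emails": ["j.morgan@example.com"],
    "past_amounts": [1200, 950, 1100, 1300, 1000, 1250],
    "known_beneficiaries": {"ACCT-1001", "ACCT-1002"},
}
REQ_LOOKALIKE = {"from": "j.morgan@examp1e.com", "amount": 48000, "beneficiary": "ACCT-9999"}
REQ_ROUTINE = {"from": "J.Morgan@example.com", "amount": 1150, "beneficiary": "ACCT-1001"}
REQ_UNKNOWN = {"from": "billing@unrelated.test", "amount": 1000, "beneficiary": "ACCT-1002"}

if __name__ == "__main__":
    for req in (REQ_LOOKALIKE, REQ_ROUTINE, REQ_UNKNOWN):
        print(req["from"], review_request(req, PROFILE))
```

Any request that comes back held should be confirmed through the alternate channel already on file for the customer, such as the verified phone number, rather than by replying to the email.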

Sacha Terrill | http://www.experian.com/blogs/insights/?p=902917 | 2016-11-17T22:24:01Z | 2016-11-18T06:00:00Z

In order to compete for consumers and to enable lender growth, creating operational efficiencies such as automated decisioning is a must. Unfortunately, somewhere along the way, automated decisioning unfairly earned a reputation for being difficult to implement, expensive and time consuming. But don’t let that discourage you from experiencing its benefits.

Let’s take a look at the most popular myths about auto decisioning.

Myth #1: Our system isn’t coded. If your system is already calling out for Experian credit reporting data, a very simple change in the inquiry logic will allow your system to access Decisioning as a Service℠.

Myth #2: We don’t have enough IT resources. Decisioning is typically hosted and embedded within an existing software that most credit unions currently use – thus eliminating or minimizing the need for IT. A good system will allow configuration changes at any time by a business administrator and should not require assistance from a host of IT staff, so the demand on IT resources should decrease. Decisioning as a Service solutions are designed to be user friendly to shorten the learning curve and implementation time.

Myth #3: It’s too expensive. Sure, there are highly customized products out there that come with hefty price tags, but there are also automated solutions available that suit your budget. Configuring a product to meet your needs and leaving off any extra bells and whistles that aren’t useful to your organization will help you stick to your allotted budget.

Myth #4: Low ROI. Au contraire… Clients can realize significant return-on-investment with automated decisioning by booking more accounts … 10 percent increase or more in booked accounts is typical. Even more, clients typically realize a 10 percent reduction in bad debt and manual review costs, respectively. Simply estimating the value of each of these things can help populate an ROI for the solution.

Myth #5: The timeline to implement is too long. It’s true, automation can involve a lot of functions and tasks – especially if you take it on yourself. By calling out to a hosted environment, Experian’s Decisioning as a Service can take as few as six weeks to implement since it simply augments a current system and does not replace a large piece of software.

Myth #6: Manual decisions give a better member experience. Actually, manual decisions are made by people with their own points of view, who have good days and bad days and let recent experiences affect new decisions. Automated decisioning returns a consistent response, every time. Regulators love this!

Myth #7: We don’t use Experian data. Experian’s Decisioning as a Service is data agnostic and has the ability to call out to many third-party data sources and configure them to be used in decisioning.

—

These myth busters make a great case for implementing automated decisioning in your loan origination system instead of a reason to avoid it. Learn more about Decisioning as a Service and how it can be leveraged to either augment or overhaul your current decisioning platforms.

Keir Breitenfeld | http://www.experian.com/blogs/insights/?p=902906 | 2016-11-16T22:27:59Z | 2016-11-17T11:03:00Z

Reinventing Identity for the Digital Age

Electronic Signature & Records Association (ESRA) conference

I recently had the opportunity to speak at the Electronic Signature & Records Association (ESRA) conference in Washington D.C. I was part of a fantastic panel delving into the topic, ‘Reinventing Identity for the Digital Age.’ While certainly hard to do in just an hour, we gave it a go and the dialogue was engaging, healthy in debate, and a conversation that will continue on for years to come. The entirety of the discussion could be summarized as:

An attempt to directionally define a digital identity today

The future of ownership and potential monetization of trusted identities

And the management of identities as they reside behind credentials or the foundations of block chain

Again, big questions deserving of big answers.

What I will suggest, however, is a definition of a digital identity to debate, embrace, or even deride. Digital identities, at a minimum, should now be considered as a triad of 1) verified personally identifiable information, 2) the collective set of devices through which that identity transacts, and 3) the transactional (monetary or non-monetary) history of that identity.

Understanding all three components of an identity can allow institutions to engage with their customers with a more holistic view that will enable the establishment of omni-channel communications and accounts, trusted access credentials, and customer vs. account-level risk assessment and decisioning.

In tandem with advances in credentialing and transactional authorization such as biometrics, block chain, and e-signatures, focus should also remain on what we at Experian consider the three pillars of identity relationship management:

Identity proofing (verification that the person is who they claim to be at a specific point in time)

Authentication (ongoing verification of a person’s identity)

Identity management (ongoing monitoring of a person’s identity)

As stronger credentialing facilitates more trust and open functionality in non-face-to-face transactions, more risk is inherently added to those credentials. Therefore, it becomes vital that a single snapshot approach to traditionally transaction-based authentication is replaced with a notion of identity relationship management that drives more contextual authentication. The context thus expands to triangulate previous identity proofing results, current transactional characteristics (risk and reward), and any updated risk attributes associated with the identity that can be gleaned.

The bottom line is that identity risk changes over time. Some identities become more trustworthy … some become less so. Better credentials and more secure transactional rails improve our experiences as consumers and better protect our personal information. They cannot, however, replace the need to know what’s going on with the real person who owns those credentials or transacts on those rails. Consumers will continue to become more owners of their digital identity as they grant access to it across multiple applications. Institutions are already engaged in strategies to monetize trusted and shareable identities across markets. Realizing the dynamic nature of identity risk, and implementing methods to measure that risk over time, will better enable those two initiatives.

Keir Breitenfeld | http://www.experian.com/blogs/insights/?p=902776 | 2016-11-29T17:37:10Z | 2016-11-16T01:27:00Z

How will the FinCEN revisions impact your business? (Part 1)

Some recently published FinCEN revisions and advisories are causing a stir. First, let’s look at revisions to Customer Due Diligence that require compliance by May 2018.

Under the updated requirements for Customer Due Diligence, covered financial institutions must expand programs, including Customer Identification Programs (CIP), to include Beneficial Owners of Legal Entity customers. Under the new rule, financial institutions must collect and verify identity information (name, address, date of birth, Social Security number or passport number for foreign individuals):

For each Natural Person with at least 25% ownership in the Legal Entity

and

For an individual with significant responsibility for managing or controlling the business — for example, a chief executive officer, a chief financial officer, a chief operating officer, a managing member, a general partner, a president, a vice president or a treasurer

The U.S. Treasury estimates that illicit proceeds generated in the United States alone total $400 billion annually. These requirements are intended to prevent anonymous access to financial systems through shielded or minority ownership. While the effort to stem the tide of illicit proceeds is laudable, the impact to business may be significant. Most organizations will need to audit their data collection practices, and many will need to make changes to either data collection or workflow processes to ensure compliance.

While quite simple and straightforward on paper, the standardization of additional CIP policies and procedures tends to create substantive impact to the customer experience as well as operational resource allocations and utilization. Covered financial institutions should already be discussing with their current or prospective fraud risk and identity management vendors to ensure that:

There is a clear path to altering both data collection and verification of these additional identity elements.

Clear and accurate benchmarking around expected verification rates is available ahead of the compliance date to allow for operational workflow design to accommodate both ‘verifications’ and ‘referrals stemming from lack of full verification.’

Service providers are granting access to best-in-class data assets and search & match logic related to identity element verification and risk assessment, along with multi-layered options to reconcile those initial verification ‘fails.’

Full business reviews and strategy design sessions are underway or being scheduled to align and document overall objectives of the program, benchmarking of leading industry practices, current and future state gaps, near- and long-term initiatives and a prioritized roadmap, a viable business case toward additional investment in services and resources, and a plan of execution.